Usually, when I develop an application using a Docker container as my development test base, I need a shell in it, in order to manually run composer, phpunit, npm, bower and various development scripts, via the following command:
docker exec -ti /bin/sh
But when the shell is spawned, it is spawned with root permissions. What I want to achieve is to spawn a shell without root permissions, with those of a specified user instead.
How can I do that?
In my case my Dockerfile has the following entries:
FROM php:5.6-fpm-alpine
ARG UID="1000"
ARG GID="1000"
COPY ./entrypoint.sh /usr/local/bin/entrypoint.sh
COPY ./fpm.conf /usr/local/etc/php-fpm.d/zz-docker.conf
RUN chmod +x /usr/local/bin/entrypoint.sh && \
    addgroup -g ${GID} developer && \
    adduser -D -H -S -s /bin/false -G developer -u ${UID} developer
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
CMD ["php-fpm"]
And I mount a directory of the project I develop from the host into /var/www/html, preserving the user permissions, so I just need the following docker-compose.yml in order to build it:
version: '2'
services:
  php_dev:
    build:
      context: .
      dockerfile: Dockerfile
      args:
        XDEBUG_HOST: 172.17.0.1
        XDEBUG_PORT: 9021
        UID: 1000
        GID: 1000
    image: pcmagas/php_dev
    links:
      - somedb
    volumes:
      - "$SRC_PATH:/var/www/html:Z"
So by setting the UID and GID to my host's user id and group id, and with the following config for fpm:
[global]
daemonize = no
[www]
listen = 9000
user = developer
group = developer
I manage to run any changes to my code without worrying about mysterious changes to user ownerships. But I want to be able to spawn a shell inside the running php_dev container as the developer user so any future tool such as composer or npm will run with the appropriate user permissions.
Of course, I guess the same principles will apply to other languages as well, for example pip for Python.
In case you need to run the container as a non-root user, you have to add the following line to your Dockerfile:
USER developer
Note that in order to mount a directory through docker-compose.yml you have to change the permission of that directory before running docker-compose up by executing the following command:
chown UID:GID /path/to/folder/on/host
UID and GID should match the UID and GID of the user's container.
This will make the user able to read and write to the mounted volume without any issues.
Read more about USER directive
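The ownership check from the answer above, as an added shell example that is not part of the original post: it verifies that the host directory is owned by the UID:GID the developer user was built with, then opens a shell as that user with docker exec's -u option. The function names and the container argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original question or answer.

# Print "uid:gid" of a path using numeric ids (ls -n is POSIX).
owner_of() {
    ls -nd -- "$1" | awk '{ print $3 ":" $4 }'
}

# Return 0 when the directory is owned by the expected uid and gid,
# 1 on a mismatch (with the chown that would fix it), 2 if it is missing.
owner_matches() {
    dir=$1 want_uid=$2 want_gid=$3
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    have=$(owner_of "$dir")
    if [ "$have" != "$want_uid:$want_gid" ]; then
        echo "$dir is owned by $have, expected $want_uid:$want_gid" >&2
        echo "fix with: chown $want_uid:$want_gid $dir" >&2
        return 1
    fi
}

# Open a shell in a running container as the given uid:gid.
# docker exec starts /bin/sh directly, so the account's login shell
# (/bin/false in the Dockerfile above) does not get in the way.
shell_as() {
    container=$1 uid=$2 gid=$3
    docker exec -ti -u "$uid:$gid" "$container" /bin/sh
}

# Usage (the container name is a placeholder):
#   owner_matches "$SRC_PATH" 1000 1000 && shell_as <container> 1000 1000
```

Processes started from that shell, such as composer or npm, inherit the uid and gid passed with -u, so files they write to the bind mount keep the host user's ownership.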